Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Cloud Computing and Security Issues

32 views

Published on

Cloud computing has become one of the most interesting topics in the IT world today. Cloud model of computing as a resource has changed the landscape of computing as it promises of increased greater reliability, massive scalability, and decreased costs have attracted businesses and individuals alike. It adds capabilities to Information Technology’s. Over the last few years, cloud computing has grown considerably in Information Technology. As more and more information of individuals and companies are placed in the cloud, there is a growing concern about the safety of information. Many Companies that are considered to be giants in software industry like Microsoft are joining to develop Cloud services [1]. Despite the hype about the cloud, customers are reluctant to deploy their business in the cloud. Security issues is one of the biggest concerns that has been affecting the growth of cloud computing .It adds complications with data privacy and data protection continues to affect the market. Users need to understand the risk of data breaches in the cloud environment. The paper highlights issues related to cloud computing.

Published in: Engineering
  • Be the first to comment

  • Be the first to like this

Cloud Computing and Security Issues

  1. 1. Rohan Jathanna. Int. Journal of Engineering Research and Application www.ijera.com ISSN : 2248-9622, Vol. 7, Issue 6, ( Part -5) June 2017, pp.31-38 www.ijera.com DOI: 10.9790/9622-0706053138 31 | P a g e Cloud Computing and Security Issues Rohan Jathanna*, Dhanamma Jagli** *(Department of Mca, VESIT, Mumbai Email: rohan.jathanna@ves.ac.in) ** (Department of Mca, VESIT, Mumbai Email: dsjagli.vesit@gmail.com ) ABSTRACT Cloud computing has become one of the most interesting topics in the IT world today. Cloud model of computing as a resource has changed the landscape of computing as it promises of increased greater reliability, massive scalability, and decreased costs have attracted businesses and individuals alike. It adds capabilities to Information Technology’s. Over the last few years, cloud computing has grown considerably in Information Technology. As more and more information of individuals and companies are placed in the cloud, there is a growing concern about the safety of information. Many Companies that are considered to be giants in software industry like Microsoft are joining to develop Cloud services [1]. Despite the hype about the cloud, customers are reluctant to deploy their business in the cloud. Security issues is one of the biggest concerns that has been affecting the growth of cloud computing .It adds complications with data privacy and data protection continues to affect the market. Users need to understand the risk of data breaches in the cloud environment. The paper highlights issues related to cloud computing. Keywords - Cloud computing, security Issue I. INTRODUCTION Software Developers describe Cloud in a different way than a System Administrator, while a Database Administrator may have different definition. Cloud means a wide range of scalable services that users can access via an Internet connection. Providers like Microsoft, Amazon, Google and many more provide various cloud-based services for which users can pay on the basis of service subscription and consumption. Many providers offer a wide range of Cloud services like Messaging, Social Computing, Storage, CRM, Identity management, Content Management etc. Cloud computing is dependent on resource sharing. Using these internet enabled devices, cloud computing permits the function of application software. Cloud computing is also known as the cloud. Cloud computing serves a wide range of functions over the Internet like storage. Taking advantage of resource sharing, cloud computing is able to achieve consistency and economies of scale. Types of cloud computing can be classified on basis of two models. Cloud computing service models and cloud computing deployment models. It is a file backup shape. It also allows working on the same document for several jobs of different types .Cloud computing simplifies usage by allowing overcoming the limitations of traditional computer. Cloud computing also provides more agility because it allows faster access. These hosted services are normally separated into three broad categories: Infrastructure-as-a-Service (IaaS), Platform-as-a- Service (PaaS) and Software-as-a-Service (SaaS). A cloud service is used by clients as and when needed, usually on hourly basis. This pay as you go approach has made the cloud flexible such that where end user can have services the way they desire at any point of time and the cloud services is entirely monitored by the provider. There are some of the basic security threats that have exploited the usage of Cloud Computing. An example of security threat is botnets, the use of botnets to spread spam and malware. Of the 761 data breaches investigated in 2010 by the U.S. Secret Service, almost 63% occurred at companies with 100 or fewer employees. And a 2011 survey by security systems provider Symantec Corp. around 2,000 plus small and midsize enterprises indicated that close to 73% had been breached by a cyber-attack. One of the best features of cloud computing is pay-as-you-go model of computing as a resource. This model of computing has enabled businesses and organizations in need of computing power to purchase as many resources as they need without the need to put forth a large capital investment in the IT infrastructure. Other advantages of cloud computing are scalability and increased flexibility for a relatively constant price. [2]. Cloud is the new trend in the evolution of the distributed systems. The user does not need knowledge or expertise to control the infrastructure of clouds, it provides abstraction. Cloud providers deliver common online business applications which are accessed from servers through web browser [3]. RESEARCH ARTICLE OPEN ACCESS
  2. 2. Rohan Jathanna. Int. Journal of Engineering Research and Application www.ijera.com ISSN : 2248-9622, Vol. 7, Issue 6, ( Part -5) June 2017, pp.31-38 www.ijera.com DOI: 10.9790/9622-0706053138 32 | P a g e II. CLOUD COMPUTING MODELS Cloud hosting deployment models are classified by the proprietorship, size and access. It tells about the nature of the cloud. Most of the organizations are willing to implement cloud since it reduces the expenditure and controls cost of operation 2.1Cloud computing deployment models 2.1.1 Public Cloud It is a type of cloud hosting in which the cloud services are delivered over a network that is open for public usage. This model is actually true representation of cloud hosting. In this the cloud model service provider provides services and infrastructure to various clients. Customers do not have any control over the location of the infrastructure. There may be very little or no difference between public and private clouds structural design except the level of security that are offered for various services given to the public cloud subscribers by the cloud hosting providers. Public cloud is suited for business which require managing load. Due to the decreasing capital overheads and operational cost the public cloud model is economical. Dealers may provide the free service or license policy like pay per user. The cost is shared by all the users in public cloud. It profits the customers by achieving economies of scale. Public cloud facilities may be available for free an e.g. of a public cloud is Google. 2.1.2 Private Cloud It is also known as internal cloud. This platform for cloud computing is implemented on cloud-based secure environment and it is safeguarded by a firewall which is governed by the IT department that belongs to a particular corporate. Private cloud permits only the authorized users and gives the organization greater control over their data. The physical computers may be hosted internally or externally they provide the resources from a distinct pool to the private cloud services. Businesses having unanticipated or dynamic needs, assignments which are critical management demands and uptime requirements are better suited to adopt private cloud. In private cloud there is no need for additional security regulations and bandwidth limitations that can be present in a public cloud environment. Clients and Cloud providers have control of the infrastructure and improved security, since user’s access and the networks used are restricted. One of the best examples is Eucalyptus Systems [4]. 2.1.3 Hybrid Cloud It is a type of cloud computing, which is integrated. It could constitute an arrangement of two or more cloud servers, i.e. either of the combination of private, public or community cloud that is bound together but remain individual entities. Hybrid clouds are capable of crossing isolation and overcoming boundaries by the provider; therefore, it cannot be simply categorized into public, private or community cloud. It allows the user to increase the capacity as well as the capability by assimilation, aggregation and customization with another cloud package / service. In a hybrid cloud, the resources are managed either in-house or by external providers. It is an adaptation between two platforms in which the workload exchanges between the private cloud and the public cloud as per the needs and demand of organization. Resources which are non-critical like development and test workloads can be housed in the public cloud that belongs to a third- party provider. While the workloads that are critical or sensitive should be housed internally. Organizations may use the hybrid cloud model for processing big data. Hybrid cloud hosting has features like scalability, flexibility and security. 2.1.4 Community Cloud It is a type of cloud hosting in which the setup is mutually shared between a lot of organizations which belong to a particular community like banks and trading firms. It is a multi-tenant setup that is shared among many organizations that belong to a group which has similar computing apprehensions. Theses community members usually share similar performance and security concerns. The main intention of the communities is to achieve business related objectives. Community cloud can be managed internally or can be managed by third party providers and hosted externally or internally. The cost is shared by specific organizations within the community, therefore, community cloud has cost saving capacity. Organizations have realized that cloud hosting has a lot of potential. To be the best one must select the right type of cloud hosting Therefore, one need to know the business and analyze his/her demands. Once the appropriate type of cloud hosting is selected, one can achieve business related goals easily. 2.2: Cloud computing service models
  3. 3. Rohan Jathanna. Int. Journal of Engineering Research and Application www.ijera.com ISSN : 2248-9622, Vol. 7, Issue 6, ( Part -5) June 2017, pp.31-38 www.ijera.com DOI: 10.9790/9622-0706053138 33 | P a g e 2.2.1: Software as a Service (SaaS) Software as a Service (SaaS) is growing rapidly. SaaS makes uses the web to provide applications which are managed by a third-party vendor and whose interface is accessed on the client side. SaaS applications can be run from a web browser without the need to download or installation, but these require plugins. The cloud provider provides the consumer with the ability to deploy an application on a cloud infrastructure [5].Because of this web delivery model SaaS removes the need to install and run applications on individual computers. In this model it is easy for enterprises to improve their maintenance and support, because everything can be managed by vendors: applications, runtime, data, middleware, OS, virtualization, servers, storage and networking. Popular SaaS services include email and collaboration, healthcare-related application. SaaS providers usually offer browser-based interfaces. APIs are also normally made available for developers. The key benefit of SaaS is that it requires no advance investment in servers or licensing of software. The application developer, have to maintain one application for multiple clients. 2.2.2: Infrastructure as a Service (IaaS) Infrastructure as a Service, are used for monitoring, and managing remote datacenter infrastructures, such as compute (virtualized or bare metal), storage, Users can purchase IaaS based on consumption, similar to other utility billing. IaaS users have the responsibility to be in charge applications, data, runtime and middleware.. Providers can still manage virtualization, servers, storage, and networking. IaaS providers offer databases, messaging queues, and other services above the virtualization layer as well. 2.2.3: Platform as a Service (PaaS) Platform as a service (PaaS) is a kind of cloud computing services that provides a platform that allows customers to develop, run, and manage applications without the problem of building and maintaining the infrastructure. One need not be bothered about lower level elements of Infrastructure, Network Topology, Security all this is done for you by the Cloud Service Provider. With this technology, third-party providers can manage OS, virtualization, and the PaaS software itself. Developers manage the applications. Applications using PaaS inherit cloud characteristic such as scalability, multi-tenancy, SaaS enablement, high- availability and more. Enterprises benefit from this model because it reduces the amount of coding, automates business policy, and help in migrating applications to hybrid model. III. SECURITY ISSUES Cloud service models not only provide different types of services to users but they also reveal information which adds to security issues and risks of cloud computing systems. IaaS which is located in the bottom layer, which directly provides the most powerful functionality of an entire cloud. IaaS also enables hackers to perform attacks, e.g. brute-forcing cracking, that need high computing power. Multiple virtual machines are supported by IaaS, gives an ideal platform for hackers to launch attacks that require a large number of attacking instances. Loss of data is another security risk of cloud models. Data in cloud models can be easily accessed by unauthorized internal employees, as well as external hackers. The internal employees can easily access data intentionally or accidently. External hackers may gain access to databases in such environments using hacking techniques like session hijacking and network channel eavesdropping. Virus and Trojan can be uploaded to cloud systems and can cause damage [6].It is important to identify the possible cloud threats in order to implement a system which has better security mechanisms to protect cloud computing environments. 3.1Threats in cloud computing 3.1.1Compromised credentials and broken authentication Organizations/companies at times struggle with identity management as they try to grant permissions appropriate to the user’s job role. They sometimes forget to remove user access when a job function changes or a user leaves the organization. The Anthem breach exposed more than 80 million customer records, was the result of stolen user credentials. Anthem had failed to deploy multifactor authentication, so when the attackers obtained the credentials, it was all over. Many deSvelopers have made the mistake of embedding credentials and cryptographic keys in source code and have them in public-facing repositories [7]. 3.1.2Data breaches Cloud environments face many of the same threats as traditional corporate networks, but since a large amount of data is stored on cloud servers, providers have become an attractive target. The severity of the damage tends to depend on the sensitivity of the data that is exposed. Personal financial information grabs the headlines, but breaches involving government information, trade secrets can be more devastating. When a data breach takes place, a company may be subjected to legal action. Breach investigations and customer notifications can rack up significant costs. Indirect
  4. 4. Rohan Jathanna. Int. Journal of Engineering Research and Application www.ijera.com ISSN : 2248-9622, Vol. 7, Issue 6, ( Part -5) June 2017, pp.31-38 www.ijera.com DOI: 10.9790/9622-0706053138 34 | P a g e effects may include brand damage and loss of business can impact organizations future for years. 3.1.3Hacked interfaces and APIs Today every cloud service and application now offers APIs. IT teams use these interfaces and APIs to manage and interact with cloud services, including those that offer cloud provisioning, management and monitoring. The security and availability of cloud services depend on the security of the API. Risk is increased with third parties who rely on APIs and build on these interfaces, as organizations may need to expose more services and credentials. APIs and Weak interfaces may expose organizations to security related issues such as confidentiality, accountability, availability APIs and interfaces are the very much exposed part of the system because they can be accessed from open Internet [7]. 3.1.4 Exploited system vulnerabilities Vulnerabilities in system, exploitable bugs in programs have become a bigger problem with the advent of multitenancy in cloud computing. Organizations share memory, databases and resources in close proximity to one another, creating new attack surfaces. The costs of mitigating system vulnerabilities are relatively small compared to other IT expenditures. The expense of putting IT processes in place to find and repair vulnerabilities is small when compared to the potential damage. 3.1.5 Account hijacking Phishing, fraud, and software exploits are highly prevalent today, and cloud services add a new dimension to the threat because attackers can eavesdrop on activities, manipulate transactions, and modify data. Attackers may be able to use the cloud application to launch other attacks. Organizations must prohibit sharing of account credentials between users and services and must enable multifactor authentication schemes where available. Accounts, must be monitored so that every transaction should be traced to a human owner. The key is to protect account credentials from being stolen [7]. 3.1.6 Permanent data loss Hackers have in the past have permanently deleted data from cloud to cause harm businesses and cloud data centers are as vulnerable to natural disasters as any facility. Cloud providers may recommend distributing applications and data across multiple zones for better protection. Adequate data backup measures and disaster recovery are very important. Daily data backup and off-site storage are very important with use of cloud environments. The burden of preventing data loss is not only of cloud service provider, but also of data provider. A customer may encrypt data before uploading it on the cloud, then that customer has to be careful to protect the encryption key. If the key is lost then the data will also be lost. Compliance policies many a times specify how long organizations must retain records of audit and other documents. Losing such sensitive data may have serious consequences. 3.1.7 Inadequate diligence Organizations accepting cloud computing without having complete understanding of the environment and risks associated with it may encounter a great number of commercial, financial, technical, legal, and compliance risks. Diligence is needed whether the organization is trying to migrate to the cloud or merging with another company in the cloud. For example, organizations that fail to examine a contract may not be aware of the provider’s liability in case of data loss or breach. Operational and architectural issues could arise if an organization development team isn’t familiar with cloud technologies as apps are deployed to a particular cloud. An organization should do adequate research before moving to cloud computing because of the risk associated with it [7]. 3.1.8 Cloud service abuses Cloud services may be used to support activities like using cloud computing resources to break an encryption key in order to launch an attack. Examples of these attacks include launching DDoS attacks, sending spam and phishing emails. Providers need to recognize kind of abuse to recognize DDoS attacks and offer tools for customers to monitor the health of their cloud environments. Customers should make sure that providers offer them a mechanism for reporting abuse. Even though customers may not be direct prey for malicious actions, cloud service abuse can still result in unavailability of service and data loss [7]. 3.1.9 DoS attacks DoS attacks have been around for a long time and have gained prominence again thanks to cloud computing because they often affect availability. Systems may run slow or simply time out. These DoS attacks consume large amounts of processing power, a bill the customer may ultimately have to pay. High-volume DDoS attacks are very common, but organizations should also be aware of asymmetric and application-level DoS attacks, which target Web server and database vulnerabilities. Cloud providers are better poised to handle DoS attacks than their customers. The key here is to have a plan to mitigate the attack before it occurs, so administrators have access to those resources when they need them.
  5. 5. Rohan Jathanna. Int. Journal of Engineering Research and Application www.ijera.com ISSN : 2248-9622, Vol. 7, Issue 6, ( Part -5) June 2017, pp.31-38 www.ijera.com DOI: 10.9790/9622-0706053138 35 | P a g e The table below shows represents the schematic diagram showing the hierarchy of the cloud computing with security challenges on both the cloud computing models: Deployment and Service models IV. SECURITY CHALLENGES OF CLOUD MODEL 4.1SECURITY CHALLENGES OF SERVICE MODEL 4.1.1Malicious attacks Security threats can occur from both outside of and within organizations. According to the 2011 Cyber Security Watch Survey 21% of cyber-attacks were caused by insiders. 33% of the respondents thought the insider attacks were more costly and damaging to organizations. Generally, inside attacks were unauthorized access to and use of corporate information (63 %), and theft of intellectual property (32%). Malicious users can gain access to certain sensitive data and thus leading to data breaches. Farad Sabah [11] has shown malicious attacks by the unauthorized users on the victim’s IP address and physical server. The malicious agenda can vary from data theft to revenge. In a cloud scenario, an insider can destroy whole infrastructures or manipulate or steal data. Systems that depend solely on the cloud service provider for security are at greatest risk. 4.1.2 Backup and Storage The cloud vendor should ensure that regular backup of data is implemented that even ensure security with all measures. But the backup data is generally found in unencrypted form which can lead to misuse of the data by unauthorized people. Thus data backups lead to various security threats. More the server virtualization increases, an extremely difficult problem with backup and storage is created [12]. Data de-duplication is one of the solutions to reduce backup and offline storage volumes. 4.1.3Service hijacking Service hijacking is means gaining illegal control on certain authorized services by unauthorized users. It can be through various techniques like phishing, exploitation of software and fraud. This is as one of the threats. Account Hijacking has been pointed as one of the most serious threats [13]. The chances of hijacking account are incredibly high as no native 4.1.4VM Hopping The attacker can check the victim/users VM’s resource procedure, alter the configurations and can even delete stored data which may be sensitive, therefore, putting it in danger the VM’s confidentiality, integrity, and availability. A requirement for this type of attack is that the two VMs must be operating on the same host, and the attacker must be able to recognize the victim VM’s IP address. Though PaaS and IaaS users have partial authority, an attacker may get hold of or decide the IP address using benchmark customer capabilities by using various tricks and combinational inputs to fetch user’s IP. Thus it can be said that VM hopping is a rational threat in cloud computing. 4.2 Security challenges of deployment model 4.2.1Platform-as-a-service (PaaS) security issues PaaS allows deployment of cloud-based applications without the cost of buying and maintaining the underlying hardware and software layers [14]. PaaS depends on a secure and reliable network. PaaS application security constitutes two software layers: Security of the PaaS platform itself and Security of customer applications deployed on a PaaS platform. 4.2.2Third-party relationships PaaS along with traditional programming languages also offers third-party web services components such as mashups [15]. Mashups can combine more than one source element into a single integrated unit. Therefore PaaS models have security issues which are related to mashups [16]. PaaS users are dependent on both the security of web- hosted development tools and third-party services. 4.2.3Development Life Cycle From the point of view of the application development, developers may face the complexity of building secure applications that may be hosted in the cloud. The speed at which applications change in the cloud will affect both the security and System Development Life Cycle (SDLC) [17]. Software
  6. 6. Rohan Jathanna. Int. Journal of Engineering Research and Application www.ijera.com ISSN : 2248-9622, Vol. 7, Issue 6, ( Part -5) June 2017, pp.31-38 www.ijera.com DOI: 10.9790/9622-0706053138 36 | P a g e Developers have to keep in mind that PaaS applications must be upgraded frequently hence they have to make sure that their application development processes are flexible enough to keep up with changes. However, software developers should understand that any change in PaaS components can compromise the security of the applications. Other than secure development techniques, developers need to be educated and informed about data legal issues as well, so that data is not stored in inappropriate locations. Data may be stored in different places with different legal regimes that can include its privacy and security. 4.2.4 Underlying infrastructure security In PaaS, software developers do not normally have access to the underlying layers, so providers are therefore responsible for securing the underlying infrastructure and the applications services. Even if developers are in control of the security, they do not have the assurance that the development environment tools provided by a PaaS provider are secure. 4.3 Cloning and Resource Pooling Cloning means with replicating or duplicating the data.. Cloning can lead to data leakage problems which reveal the machine’s authenticity. While Wayne A. Pauley [18] describes resource pooling as a service provided to the users by the provider to use various resources and share the same according to their application demand. Resource Pooling means unauthorized access due to sharing through the same network. Studies on Virtual and Cloud Computing by researchers state that a Virtual Machine can quite easily be provisioned, they can also be inversed to previous cases, paused and easily restarted and migrated between two servers, leading to non-auditable security threats 4.4Unencrypted Data Data encryption is a process that helps to solve various external and malicious threats. Unencrypted data is very vulnerable for susceptible data, as it does not provide any security mechanism. Unencrypted data can very easily be accessed by unauthorized users. Unencrypted data risks the user data which leads to cloud server to escape various data information to unauthorized users [19]. For example, the famous file sharing service Drop box was accused for using a single encryption key for all user data the company stored. These unencrypted, insecure data encourage the malicious users to misuse the data one or the other way. 4.5 Authentication and Identity Management With the use of cloud, a user is facilitated to access private data and makes it available to various services across the network. Identity management helps in authenticating the users through their credentials. A key issue, concerned with Identity Management (IDM), is its disadvantage of interoperability resulting from different identity tokens and identity negotiation protocols as well as the architectural pattern [20]. 4.6Network Issues: Cloud computing relies on internet and remote computers so that it can maintain data for running various applications. This network is used to upload all information. H.B. Tabakki [21] has stated security issues with network on cloud as a prime focus. It provides virtual resources, high bandwidth and software to the consumers on demand. In reality, the network structure of this cloud is vulnerable to various attacks and security issues like cloud malware injection attack, browser security issues, flooding attacks, locks-in, incomplete data deletion, data protection and XML signature element wrapping. 4.6.1XML Signature Element Wrapping It is a very renowned web service attack. This protects identity value and host name from illegal party but cannot protect the position in the documents [22]. The attacker targets the host computer by sending SOAP messages and putting scrambled data which the user of the host computer will not understand. The XML Signature wrapping attack changes the content of the signed part of a message and does not tamper the signature. This would not let the user to understand. 4.6.2 Browser Security Client uses browser to send the information on network. These browsers use SSL technology to encrypt user’s identity and credentials. But hackers from the intermediary host may obtain these credentials by using sniffing packages installed on the intermediary host. One should have a single identity but this credential must allow different levels of assurance which can be achieved by obtaining approvals digitally. 4.6.3Flooding Attacks In this type of attack the invader sends large number of requests for resources on the cloud rapidly so that the cloud gets flooded with the large number of requests. As per the study carried out by IBM [23] cloud has a property to expand on the basis of amount of request. It will expand in so that it fulfills the requests of invader making the resources inaccessible for the normal users.
  7. 7. Rohan Jathanna. Int. Journal of Engineering Research and Application www.ijera.com ISSN : 2248-9622, Vol. 7, Issue 6, ( Part -5) June 2017, pp.31-38 www.ijera.com DOI: 10.9790/9622-0706053138 37 | P a g e 4.6.4SQL Injection Attack These attacks are known to be malicious act on the cloud computing in which a malicious code is inserted into a SQL code. This attack allows the invader to gain unauthorized access to a database and to other confidential information. SQL injection can be used to attack any type of SQL database. The reason that SQL injection and other exploits are possible is because security is insufficiently emphasized in development. . V. REAL LIFE EXAMPLES 5.1 Target: Target security breach leaked approximately 70 million customer’s credit card information during 2013. Similar to iCloud, Target's network breach revealed that it had many holes in the company's security strategy. The Target hack was the result of access to network via an HVAC contractor monitoring store climate systems, so once the Target system was breached, the hackers simply uploaded a grabber program to mirror payment data to Target server which was unused. Hackers accessed the payment stream -- plump with holiday shopper’s information -- for two months. Target faced losses of $400 million -- plus a great deal of customer trust. It cost CEO his jobs. Hackers had gained access to Target's network for close two weeks in 2013. Target has now taken measures to plug any security holes, but the intrusion could have been avoided. An intrusion detection package had warned of this attack on multiple occasions, but those warnings were ignored. 5.2Home Depot More than 56 million credit or debit cards and approximately 53 million emails compromised, this damage was even more severe from Home Depot's attack. A malware accessed a POS system that gave hackers entry into to Home Depot's systems over nearly a six month period. Hackers used a third-party vendor's user name and password to gain access Home Depot's network. The stolen information about credentials provided direct access to the organizations point-of-sale devices, hackers then acquired greater rights that allowed them to navigate portions of Home Depot's network and to deploy custom-built malware on its self-checkout systems in the US and Canada. These files did not contain passwords or other sensitive information, but phishing scams are a real danger 5.3Sony Hackers, who referred to themselves as the Guardians of Peace, got access to data ranging from employee information to email’s and unreleased films. In addition to this hackers destroyed many of Sony's computers and many of its servers following the attack. Malware was found to be the culprit creating havoc on Sony's network. While malware protection is important and could have certainly limited the destruction, it is crucial to have a better understanding of what is taking place on a network with in-depth network security intelligence. Network monitoring can alert businesses in the event of an intrusion, but these alerts are of no use if businesses overlook threats. Cloud was not the issue for the Sony hack; it was improper network security precautions that ultimately affected the company. OTHER CASES Google had a big failure in 2011, involving the deletion of around 150,000 Gmail user’s emails, contact and other information. Google claimed it was caused due to a software upgrade which resulted unexpected consequences. It took Google around four days to completely restore data of the impacted users, which is quite a long time, given that Google claimed this as impacting less than 1% of its accounts. The Microsoft Business Productivity Online Suite was reportedly hit with a data breach in 2010, customers of BPOS cloud service could download information on other customers of the suite though inadvertently. The technology giant claimed it had resolved the issue within couple of hours of its discovery, and claimed only a few customers were involved. VI. CONCLUSION Cloud Computing is a new concept that presents quite a number of benefits for its users. But it also raises some security problems which may affect its usage. Understanding about the vulnerabilities existing in Cloud Computing will help organizations to make the shift towards using the Cloud. Since Cloud Computing leverages many technologies and it also inherits their security issues. Traditional web applications, virtualizations have been looked over but some of the solutions offered by cloud are immature or inexistent. We have presented security issues for cloud models: IaaS, PaaS, and IaaS, which differ depending on the model. As described in this paper, storage and networks are the biggest security concerns in Cloud Computing. Virtualization that allows multiple users to share a physical server is a major concerns for cloud users.. Virtual networks are target for some attacks. We have focused on this distinction, where we consider important to understand these issues. Another core element of cloud computing is multitenancy. ACKNOWLEDGEMENTS We thank all the people who have contributed towards development of our research. .
  8. 8. Rohan Jathanna. Int. Journal of Engineering Research and Application www.ijera.com ISSN : 2248-9622, Vol. 7, Issue 6, ( Part -5) June 2017, pp.31-38 www.ijera.com DOI: 10.9790/9622-0706053138 38 | P a g e REFERENCES [1]. Mohamed Magdy Mosbah, “Current Services in Cloud Computing: A Survey ,” International Journal of Computer Science, Engineering and Information Technology (IJCSEIT), Vol.3,No.5,October 2013 [2]. Armbrust, M. et. al., (2009), “Above the clouds: A Berkeley view of Cloud Computing”, UC Berkeley EECS, Feb 2010. [3]. Lizhe Wang, Jie Tao, Kunze M., Castellanos A.C., Kramer D., Karl W., “Scientific Cloud Computing: Early Definition and Experience,” 10th IEEE Int. Conference on High Performance Computing and Communications, pp. 825- 830, Dalian, China, Sep. 2008, ISBN: 978- 0-7695-3352-0. [4]. B. R. Kandukuri, R. Paturi V, A. Rakshit, “Cloud Security Issues”, In Proceedings of IEEE International Conference on Services Computing, pp. 517-520, 2009 [5]. National Institute of Standards and Technology, NIST Definition of Cloud Computing, Sept 2011. [6]. D. Jamil and H. Zaki, “Security Issues in Cloud Computing and Countermeasures,” International [7]. Journal of Engineering Science and Technology, Vol. 3 No. 4, pp. 2672-2676, April 2011 http://www.infoworld.com/article/3041078 [8]. Rittinghouse JW, Ransome JF: Security in the Cloud. In Cloud Computing. Implementation, Management, and Security, CRC Press; 2009. [9]. Garfinkel T, Rosenblum M: When virtual is harder than real: Security challenges in virtual machine based computing environments. In Proceedings of the 10th conference on Hot Topics in Operating Systems, Santa Fe, NM. volume 10. CA, USA: USENIX Association Berkeley; 2005:227–229. [10]. Morsy MA, Grundy J, Müller I: An analysis of the Cloud Computing Security problem. In Proceedings of APSEC 2010 Cloud Workshop. Sydney, Australia: APSEC; 2010. [11]. Farzad Sabahi, “Cloud Computing Security Threats and Responses”, 978-1-61284-486- 2, IEEE, 2011, pp: 245 – 249. [12]. Intel IT Center, “Preparing your Virtualized Data Center for the Cloud”, pp: 1 – 20 [13]. Rajnish Choubey, Rajshree Dubey, Joy Bhattacharjee, “A Survey on Cloud Computing Security, Challenges and Threats”, International Journal on Computer Science and Engineering, ISSN: 0975-3397, Vol. 3 No. 3 March 2011, pp: 1227 – 1231. [14]. Subashini S, Kavitha V: A survey on Security issues in service delivery models of Cloud Computing. J Netw Comput Appl 2011, 34(1):1–11. 10.1016/j.jnca.2010.07.006. [15]. Mather T, Kumaraswamy S, Latif S: Cloud Security and Privacy. Sebastopol, CA: O’Reilly Media, Inc.; 2009. [16]. Keene C: The Keene View on Cloud Computing. 2009. [17]. Rittinghouse JW, Ransome JF: Security in the Cloud. In Cloud Computing. Implementation, Management, and Security, CRC Press; 2009. [18]. Wayne A. Pauley, “Cloud Provider Transparency – An empirical evaluation”, the IEEE computer and reliability societies, IEEE, November 2010, pp: 32 – 39. [19]. Cong Wang, Ning Cao, Kui Ren, Wenjing Lou, “Enabling Secure and Efficient Ranked Keyword Search over Outsourced Cloud Data”, IEEE transactions on parallel and distributed systems, IEEE, Digital Object Indentifier 10.1109/TPDS.2011.282, 2011, pp: 1 – 14. [20]. Rosa Sánchez, Florina Almenares, Patricia Arias, Daniel Díaz-Sánchez and Andrés Marín, “Enhancing Privacy and Dynamic Federationn IdM for Consumer Cloud Computing”, IEEE Transactions on Consumer Electronics, Vol. 58, No. 1, February 2012, pp: 95 – 103. [21]. H. Takabi, J.B.D. Joshi, and G.-J. Ahn, “Secure Cloud: Towards a Comprehensive Security Framework for Cloud Computing Environments,” Proc. 1st IEEE Int’l Workshop Emerging Applications for Cloud Computing (CloudApp 2010), IEEE CS Press, 2010, pp. 393– 398. [22]. Jamil, D., Zaki, H. “Security issues in cloud computing and counter measures”, International Journal of Engineering Science and Technology (IJEST) , Vol. 3 No. 4, pp: 2672-2676. [23]. Web 2.0/SaaS Security, Tokyo Research Laboratory, IBM Research. http://www.trl.ibm.com/projects/web20sec/ web20sec_e.htm

×